6fb3302bc9adcabc6dc4332403c117ff71fd454614bbb4aca4b4d32ceb4d1580

General

Target

7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
Size

205KB
MD5

7750a6188751772e496bf59536438a90
SHA1

ab6793c32ef433bcec94f639312796435aa4af43
SHA256

6fb3302bc9adcabc6dc4332403c117ff71fd454614bbb4aca4b4d32ceb4d1580
SHA512

1483460174752e2dd8cfdd560ebe044aa7c4346b1309ecfb4afdf077d0e25f4fcb6d854380e4c240576ff1ca9775e940fa839097f28b6d2ab257f6a29b51cfbd
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuZwUhQ7XhxX:JiQSo1EZGtKgZGtK/CAIuZAIuZ8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4673) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4488-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

7750a6188751772e496bf59536438a90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\InstallShow.htm.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	7750a6188751772e496bf59536438a90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7750a6188751772e496bf59536438a90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7750a6188751772e496bf59536438a90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
Filesize
205KB

MD5
c46cf15f399c67e082972fd3aabbeade

SHA1
c3aafa46de6f1c320576552623330473c4e0349a

SHA256
d1b0f8a8165383ea2cb4e3fd26eb23e3e9d08a75fc12faf279666016b65bda20

SHA512
80b410f983e6b0f6866ae26a68a7020b344b981a82c096f1041914b50c8c0a6e81c0c271b9cd48d1aa3074a7daf646bf5602f308c373851fdeda35c17ccc8d92

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
304KB

MD5
afae06ebc3556d6dee50b82112eeaf40

SHA1
1c4dc63075190272b8fa2aaf82ea80bc3f3e7b6a

SHA256
2abf568af4f650e079b9bb84a96276da8eccf365cede9b169963bb5fd82c914a

SHA512
ef71a8e29925c277ea1f6cfed8b61b63711cc4b0758b6c728146d9b6e0fb9d2017e62540e96c2c296c05d5c7ddcfe2add5a091b0e9e132cf8851e4bf22b28f83

Download Submit
memory/4488-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing